/**
  * Copyright (c) CSIRO Australia, 2009
  *
  * @author $Author: jia020 $
  * @version $Id: Login.java 643 2009-05-20 00:20:55Z jia020 $
  */
package au.csiro.nt.pdsp.register;

import java.sql.ResultSet;
import java.sql.SQLException;

import au.csiro.nt.pdsp.client.PdspConst;
import au.csiro.nt.pdsp.util.Config;

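/**
 * Checks a username/password pair against the {@code users} table and, on
 * success, returns the account's role and status as a small XML fragment.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The query text is built as a string because only
 * {@code execSelect(String)} is visible from this class. The username is
 * escaped before it is embedded, but manual escaping depends on the
 * connection character set and SQL mode; switch to a bound parameter
 * ({@code PreparedStatement}) if the database wrapper offers one.</li>
 * <li>NOTE(review): the stored {@code password} column is compared directly,
 * and case-insensitively, with the supplied value. That looks like either a
 * plaintext password or an unsalted hex digest; confirm the storage format
 * and consider a salted password hash (bcrypt/scrypt/argon2) with a
 * constant-time comparison.</li>
 * </ul>
 *
 * @author jia020
 */
public class Login {

	/**
	 * Verifies the supplied credentials.
	 *
	 * <p>On success the returned fragment has this shape:
	 * <pre>
	 * &lt;params&gt;
	 *   &lt;param id="1" key="userid" value="..."/&gt;
	 *   &lt;param id="2" key="role" value="..."/&gt;
	 *   &lt;param id="3" key="status" value="..."/&gt;
	 * &lt;/params&gt;
	 * </pre>
	 * All three attribute values are XML-escaped.
	 *
	 * @param userID   the username to look up; treated as untrusted input
	 * @param password the credential to compare with the stored value
	 * @return the XML fragment described above, or {@code null} when the
	 *         credentials do not match, the user does not exist, an argument
	 *         is {@code null}, the username contains control characters, or
	 *         the lookup fails
	 */
	public String verifyPassword(String userID,String password){ //throws RegisterException
		// Fail closed on missing input instead of querying for the literal
		// text "null" or hitting a NullPointerException at the comparison.
		if (userID == null || password == null)
			return null;
		// Control characters have no place in a username and complicate
		// safe quoting, so such a request is treated as a failed login.
		for (int i = 0; i < userID.length(); i++) {
			if (Character.isISOControl(userID.charAt(i)))
				return null;
		}

		String sql = "select u.password ,r.name role, u.status from users u,role r where u.role_id = r.role_id and u.username='"
				+ escapeSqlLiteral(userID) + "'";
		ResultSet rs = Config.getInstance().mysql.execSelect(sql);
		String role = "";
		String status = "";
		boolean authenticated = false;
		try {
			if (rs != null && rs.next()) {
				String storedPassword = rs.getString("password");
				role = rs.getString("role");
				status = rs.getString("status");
				// Kept case-insensitive for compatibility with existing
				// callers; see the class-level review note.
				authenticated = password.equalsIgnoreCase(storedPassword);
			}
		} catch (SQLException e) {
			// Any lookup failure is a failed login; never authenticate on error.
			authenticated = false;
			e.printStackTrace();
		} finally {
			// Close on every path; the original leaked the ResultSet when no
			// row matched or when reading a column threw.
			if (rs != null) {
				try {
					rs.close();
				} catch (SQLException ignored) {
					// Nothing useful can be done if close itself fails.
				}
			}
		}

		if (!authenticated)
			return null;

		// Values are escaped so that a quote or angle bracket in the username,
		// role or status cannot alter the structure of the returned XML.
		StringBuilder sb = new StringBuilder();
		sb.append("<params>");
		sb.append("<param id=\"1\" key=\"userid\" value=\"").append(escapeXmlAttribute(userID)).append("\"/>");
		sb.append("<param id=\"2\" key=\"role\" value=\"").append(escapeXmlAttribute(role)).append("\"/>");
		sb.append("<param id=\"3\" key=\"status\" value=\"").append(escapeXmlAttribute(status)).append("\"/>");
		sb.append("</params>");
		return sb.toString();
	}

	/**
	 * Escapes a value for use inside a single-quoted SQL string literal by
	 * doubling single quotes and backslashes.
	 *
	 * <p>This is a stopgap for APIs that only accept a finished SQL string;
	 * a bound parameter is the preferred fix.
	 */
	private static String escapeSqlLiteral(String value) {
		StringBuilder out = new StringBuilder(value.length() + 8);
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			if (c == '\'') {
				out.append("''");
			} else if (c == '\\') {
				out.append("\\\\");
			} else {
				out.append(c);
			}
		}
		return out.toString();
	}

	/**
	 * Escapes a value for use inside a double-quoted XML attribute.
	 * A {@code null} value is rendered as the text {@code null}, matching
	 * what plain string concatenation produced before.
	 */
	private static String escapeXmlAttribute(String value) {
		String text = String.valueOf(value);
		StringBuilder out = new StringBuilder(text.length() + 8);
		for (int i = 0; i < text.length(); i++) {
			char c = text.charAt(i);
			switch (c) {
				case '&':
					out.append("&amp;");
					break;
				case '<':
					out.append("&lt;");
					break;
				case '>':
					out.append("&gt;");
					break;
				case '"':
					out.append("&quot;");
					break;
				case '\'':
					out.append("&apos;");
					break;
				default:
					out.append(c);
			}
		}
		return out.toString();
	}
}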
